[Oisf-users] Suricata providing so_rules?
Victor Julien
lists at inliniac.net
Fri Jul 14 13:16:38 UTC 2017
On 13-07-17 06:56, Charlie Dyer wrote:
> Hello
>
> As I understand it Snort has the ability to somewhat mildly obfuscate
> certain rules by writing them in C and providing them in binary form,
> mostly to satisfy NDAs or to protect vulnerability details where
> exploits are not really in the public domain.
>
> How does Suricata cater for such rules?
We don't support so_rules.
You can write your own logic in Lua scripts. I guess you could obfuscate
those if you wanted to. I think it provides only limited value wrt
hiding the detection logic though. But that is true for the so_rules as
well.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
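
An added example, not part of the original post and not code from the Suricata project: a Lua detection script of the kind the reply mentions, here checking a length field that is awkward to express in plain rule keywords. The TLV record layout, the file name, and the rule's msg and sid are assumptions made for illustration; the init/match structure follows Suricata's documented Lua rule interface.

```lua
-- tlv_len.lua (hypothetical file name), referenced from a rule such as:
--   alert tcp any any -> any any (msg:"TLV length exceeds payload"; \
--       lua:tlv_len.lua; sid:1000001; rev:1;)
-- msg and sid above are placeholders.

-- Tell Suricata which buffer the script wants to inspect.
function init(args)
    local needs = {}
    needs["payload"] = tostring(true)
    return needs
end

-- Walk records of a constructed format: 1-byte type, 2-byte big-endian
-- length, then the value. Returns true when a record declares more
-- bytes than remain in the buffer.
local function overlong_record(buf)
    local pos = 1
    while pos + 2 <= #buf do
        local hi, lo = buf:byte(pos + 1, pos + 2)
        local len = hi * 256 + lo
        pos = pos + 3                    -- first byte of the value
        if len > #buf - pos + 1 then
            return true
        end
        pos = pos + len                  -- next record header
    end
    return false
end

-- Called per inspected packet; 1 means the rule matches, 0 means it does not.
function match(args)
    local payload = args["payload"]
    if payload and overlong_record(tostring(payload)) then
        return 1
    end
    return 0
end

-- Self-check on constructed samples. Runs only under the standalone `lua`
-- interpreter, which sets the global `arg`; the assumption is that
-- Suricata's embedded interpreter does not set it.
if arg then
    local ok  = "\1\0\2hi\2\0\0"   -- two well-formed records
    local bad = "\1\0\9hi"         -- declares 9 bytes, only 2 follow
    assert(match({payload = ok}) == 0)
    assert(match({payload = bad}) == 1)
    print("self-check passed")
end
```

The script ships as readable source next to the rule file, so anyone with access to the sensor can read the check, which is the limited hiding value the reply points out.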